This is currently only present in `private-etc` in mutt.profile, though
it may also be used by other programs that use GNU TLS.
This was added to mutt.profile on commit a8a8e33bc ("Add whitelisting to
mutt; improve geary, new profile for neomutt", 2020-12-28) / PR #3849.
Relates to #6400.
mpv crashes if luajit is blocked:
$ firejail --quiet --noprofile \
--include=/etc/firejail/disable-interpreters.inc /usr/bin/mpv
/usr/bin/mpv: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied
So make sure that allow-lua.inc is always included when mpv paths (such
as ~/.config/mpv) are allowed.
Environment: luajit 2.1.1727870382-1, mpv 1:0.39.0-3 on Artix Linux.
Related commits:
* db2bdaadd ("add lua support for mpv (#3243)", 2020-02-24) /
PR #3243
* d6a6fb905 ("Allow Lua for mpv in dolphin.profile", 2020-04-18) /
issue #3363
* f3585e539 ("fixes, closes, enhances, improvements, and so on",
2020-11-09) /
issue #3686
* 3ec523f11 ("profiles: anki: allow lua", 2024-11-14) /
PR #6545
As reported by @kmille[1]:
The current `tesseract` profile breaks `ocrmypdf`:
kmille@linbox:scans ocrmypdf C.pdf del.pdf
Scanning contents ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 1/1 0:00:00
1 Error, could not create hOCR output file: No such file or directory tesseract.py:253
1 Error, could not create TXT output file: No such file or directory tesseract.py:253
OCR ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 0% 0/1 -:--:--
An exception occurred while executing the pipeline _common.py:294
Traceback (most recent call last):
File "/usr/lib/python3.12/site-packages/ocrmypdf/_pipelines/_common.py", line 259, in
cli_exception_handler
return fn(options, plugin_manager)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
[...]
File "/usr/lib/python3.12/pathlib.py", line 840, in stat
return os.stat(self, follow_symlinks=follow_symlinks)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/ocrmypdf.io.0od81kk5/000001_ocr_hocr.hocr'
These are some of the commands that run in background:
[...]
2024/11/23 22:13:53 PID=403915 UID=0 CMD=/usr/bin/firejail /usr/bin/tesseract --list-langs
2024/11/23 22:13:53 PID=403917 UID=0 CMD=/run/firejail/lib/fcopy /usr/bin/text2image /run/firejail/mnt/bin
2024/11/23 22:13:53 PID=403939 UID=1000 CMD=gs -dQUIET [...] -f /tmp/ocrmypdf.io.0od81kk5/origin.pdf
[...]
2024/11/23 22:14:03 PID=403953 UID=0 CMD=tesseract -l eng /tmp/ocrmypdf.io.0od81kk5/000001_ocr.png [...]
Fixes#6550.
[1] https://github.com/netblue30/firejail/issues/6550#issue-2686607038
Reported-by: @kmille
Suggested-by: @kmille
According to @rusty-snake[1]:
> Distributions started to replace wget with wget2 (I.e. `wget` and
> `wget2` are the same binary where one of them is a symlink to the
> other).
So move all custom entries (other than `private-bin`) from wget2.profile
into wget.profile and turn wget2.profile into more of a redirect to
wget.profile.
[1] https://github.com/netblue30/firejail/pull/6542#pullrequestreview-2426287045
wget appears to require access to this directory for HSTS & HPKP.
Without access to this directory, I get the following error when running
wget:
Failed to read HSTS data
Failed to read HPKP data
Failed to write HSTS file
This fixes it.
Make them match the comments in profile.template.
Command used to search for potential issues:
$ git grep -E '# Allow [A-Z][A-Za-z]+ .* \(blacklisted'
Added on commit 3af6c4068 ("Add Chatterino profile", 2022-12-24) /
PR #5556.
Anki uses mpv to play media, which requires the lua interpreter.
Without this, anki displays this error in the console and falls back to
mplayer:
mpv: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied
Traceback (most recent call last):
File "/usr/lib/python3.12/site-packages/aqt/sound.py", line 854, in setup_audio
mpvManager = MpvManager(base_folder, media_folder)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/aqt/sound.py", line 408, in __init__
super().__init__(window_id=None, debug=False)
File "/usr/lib/python3.12/site-packages/aqt/mpv.py", line 442, in __init__
super().__init__(*args, **kwargs)
File "/usr/lib/python3.12/site-packages/aqt/mpv.py", line 104, in __init__
self._start_socket()
File "/usr/lib/python3.12/site-packages/aqt/mpv.py", line 194, in _start_socket
raise MPVProcessError("unable to start process")
aqt.mpv.MPVProcessError: unable to start process
mpv too old or failed to open, reverting to mplayer
While gamepads apparently work fine in the Steam client itself, `nou2f`
appears to make gamepads unresponsive inside certain games while using
"Steam Input" (possibly due to `nou2f` blocking access to `/dev/hidraw*`
devices).
This issue reportedly affects at least the following games on Steam:
"Undertale", "Persona 4 Golden" and "Persona 5 Royal".
Disable nou2f to ensure that gamepads can be used.
Relates to #6523.
Reported-by: @opqriu
There are multiple reports in #6121 that dnsmasq does not work when
called by libvirt:
$ sudo virsh net-start default
error: Failed to start network default
error: internal error: Child process (VIR_BRIDGE_NAME=virbr0 /usr/local/bin/dnsmasq [...]) unexpected exit status 1: Error: PATH environment variable not set
Also, note that this is a server program, so it might be better to
disable it by default anyway.
Reported-by: @marek22k
This fixes access to Thunderbird system policies, which can be set
system-wide via `/etc/thunderbird/policies/policies.json`.
Users can also use this directory to set different default preferences.
Relates to #6400#6435.
